﻿<?php
include('connect_db.php');

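try {
	$dbconn = getDB();

	// Read-only listings for the template further down. The statements are
	// iterated directly (foreach over a PDOStatement), so they are left open
	// here rather than fetched into arrays.
	$users_stmt = $dbconn->prepare('SELECT * FROM users');
	$users_stmt->execute();

	$bills_stmt = $dbconn->prepare('SELECT * FROM bills');
	$bills_stmt->execute();

	$houses_stmt = $dbconn->prepare('SELECT * FROM houses');
	$houses_stmt->execute();
} catch (Exception $e) {
	// The raw driver message can carry host names, table names or credentials,
	// so it is kept server-side. Stop here as well: every later statement on
	// this page dereferences $dbconn, which is unset when getDB() threw.
	error_log('admin.php: database setup failed: ' . $e->getMessage());
	echo 'A database error occurred.';
	exit;
}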

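// ---------------------------------------------------------------------------
// Delete actions (POST only).
//
// These run BEFORE the template decides whether the caller may see this page,
// so they carry their own authorisation gate; without one, any POST holding
// delete_user/delete_bill/delete_house plus an id removes rows regardless of
// who sent it. The gate is the same test the template uses to render the admin
// view, so an unauthorised POST performs nothing and falls through to the
// "you don't have the privilege" branch.
//
// NOTE(review): this assumes checkLoggedin() and the session are already set
// up by connect_db.php at this point — the only visible use of both is after
// templates/main/header.php is included further down; confirm.
// NOTE(review): the forms posting here carry no CSRF token, so the gate alone
// does not stop a logged-in admin's browser being made to submit a delete.
// NOTE(review): line 1 appears to start with a UTF-8 BOM ahead of `<?php`; any
// byte emitted before header() makes the redirect below fail with "headers
// already sent" — strip it.
// ---------------------------------------------------------------------------

/**
 * Run a set of DELETE statements for one record id as a single transaction.
 *
 * Each statement must bind exactly one `:id` placeholder. If any statement
 * fails, the ones already executed are rolled back and the exception is
 * rethrown, so a record never ends up half-deleted (e.g. gone from users but
 * still referenced from houses_users).
 *
 * @param PDO          $dbconn open connection
 * @param list<string> $sqls   DELETE statements, dependants first
 * @param string       $id     the id as received from the request
 * @throws Throwable whatever the driver raised, after the rollback
 */
function adminDeleteById(PDO $dbconn, array $sqls, string $id): void
{
	$dbconn->beginTransaction();
	try {
		foreach ($sqls as $sql) {
			$stmt = $dbconn->prepare($sql);
			// Explicit false checks cover a connection not in ERRMODE_EXCEPTION.
			if ($stmt === false || $stmt->execute([':id' => $id]) === false) {
				throw new RuntimeException('delete failed: ' . $sql);
			}
		}
		$dbconn->commit();
	} catch (Throwable $e) {
		$dbconn->rollBack();
		throw $e;
	}
}

// Action name => statements to run for the posted id. Dependant rows go first
// so the sequence also works if the schema enforces foreign keys.
$adminDeleteActions = [
	'delete_user' => [
		'DELETE FROM houses_users WHERE user_id = :id',
		'DELETE FROM bills_users WHERE user_id = :id',
		'DELETE FROM users WHERE id = :id',
	],
	'delete_bill' => [
		'DELETE FROM bills_users WHERE bill_id = :id',
		'DELETE FROM bills WHERE id = :id',
	],
	'delete_house' => [
		'DELETE FROM houses_users WHERE house_id = :id',
		'DELETE FROM houses WHERE id = :id',
	],
];

foreach ($adminDeleteActions as $action => $sqls) {
	if (!isset($_POST[$action])) {
		continue;
	}

	// Not an admin: write nothing and let the template render its refusal.
	if (!(checkLoggedin() && ($_SESSION['privilege'] ?? null) == 1)) {
		break;
	}

	// Only a plain, non-empty scalar id is passed on; an array (id[]=…) or a
	// missing id would otherwise reach the driver.
	$id = $_POST['id'] ?? null;
	if (is_string($id) && $id !== '') {
		adminDeleteById($dbconn, $sqls, $id);
	}

	// Redirect, then stop: without exit the listing below would still be
	// built and sent after the Location header.
	header("location:admin.php");
	exit;
}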

?>



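<?php include('templates/main/header.php'); ?>
<?php
// Escape a value for an HTML body or attribute context (UTF-8). Applied to
// every DB or session value that lands in the markup, including the hidden
// record id, which was previously written into the value attribute raw.
$esc = static fn ($value): string => htmlentities((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

// Columns shown per record type; the id goes into the hidden field instead.
$adminColumns = [
	'users'      => ['username', 'lastname', 'firstname', 'privilege', 'last_login'],
	'bills'      => ['house_id', 'user_id', 'amount', 'create_time', 'category_id', 'notes'],
	'households' => ['name', 'address', 'create_time'],
];
?>
	<div id="body">
		<div id="content" class="right_sidebar">
			<div id="admin">
			<hr>
			<h1>Admin Page</h1>
			<hr>
			<br>
			<br>

			<?php if (checkLoggedin() && ($_SESSION['privilege'] ?? null) == 1): ?>
			<h2>Welcome, <?= $esc($_SESSION['firstname'] ?? '') ?>!</h2>

			<?php
			// One form per record. The earlier markup opened a second <form> inside
			// the first, which HTML does not allow; the delete button now belongs
			// to the same form as the hidden id it needs.
			?>
			<h3>Users</h3>
			<?php foreach ($users_stmt as $row): ?>
				<div class="users">
				<form action="admin.php" method="post">
					<input type="hidden" name="id" value="<?= $esc($row['id']) ?>" />
					<?php foreach ($adminColumns['users'] as $column): ?>
						<?= $esc($column . ': ' . $row[$column]) ?><br />
					<?php endforeach; ?>
					<input type="submit" name="delete_user" value="Delete" />
				</form>
				</div>
			<?php endforeach; ?>

			<hr>

			<h3>Bills</h3>
			<?php foreach ($bills_stmt as $row): ?>
				<div class="bills">
				<form action="admin.php" method="post">
					<input type="hidden" name="id" value="<?= $esc($row['id']) ?>" />
					<?php foreach ($adminColumns['bills'] as $column): ?>
						<?= $esc($column . ': ' . $row[$column]) ?><br />
					<?php endforeach; ?>
					<input type="submit" name="delete_bill" value="Delete" />
				</form>
				</div>
			<?php endforeach; ?>

				<hr>

				<h3>Households</h3>
			<?php foreach ($houses_stmt as $row): ?>
				<div class="households">
				<form action="admin.php" method="post">
					<input type="hidden" name="id" value="<?= $esc($row['id']) ?>" />
					<?php foreach ($adminColumns['households'] as $column): ?>
						<?= $esc($column . ': ' . $row[$column]) ?><br />
					<?php endforeach; ?>
					<input type="submit" name="delete_house" value="Delete" />
				</form>
				</div>
			<?php endforeach; ?>

			<?php else: ?>
			<?php
			// NOTE(review): $err is not assigned anywhere on this page; it is kept
			// for an include that may set it, and escaped in case it ever carries
			// request-derived text.
			if (isset($err)) {
				echo '<p>' . $esc($err) . '</p>';
			}
			?>
			<?php echo "You don't have the privilege to view this page, or you need to login."; ?>
			<form method="post" action="index.php">
				<input name="" type="submit" value="Go back to index page" />
			</form>
			<?php endif; ?>

		</div>
	</div>
	</div>
<?php include('templates/main/footer.php'); ?>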
